When E-commerce Security Meets Brick-and-Mortar Retail

Once upon a time, a few years ago, e-commerce was a separate world from brick-and-mortar retail. So was e-commerce security. Now the lines are blurring: Not only do traditional brick-and-mortar stores have more e-commerce operations, but a growing number of online retailers are branching out into storefront operations as well.

Mobile devices further blur the lines, allowing online transactions to happen literally in front of the store window. Indeed, even individual transactions can be blended, with buyers making a purchase online and then going into a store to pick up the purchase.

Even as storefront and online retail come together, each poses its own distinct cybersecurity challenges — one size does not fit all. Businesses with both storefront and e-commerce operations, which now include most retailers, need cybersecurity strategies in place to handle brick-and-mortar cybersecurity as well as e-commerce security.

Two Sides of One Street

Some aspects of retail cybercrime are equal-opportunity threats to both storefront and online operations. Broadly speaking, these threats converge and become similar at the back end.

For example, whatever their mix of online and storefront transactions, all retailers depend on the security and integrity of their customer account records. Breaches of these databases, which can compromise millions of customers’ financial data, are a leading risk to all retailers. The back-end protective measures needed to secure this information are not transaction-dependent.

On the other hand, as Sara Peters noted at Dark Reading, storefront retail poses some distinct security challenges. Point-of-sale (POS) malware increased 66 percent in the last quarter of 2015 alone, for example.

While payment system downtime is bad for any organization, the effects may be particularly crippling for in-store or mobile retail. If people shopping from home cannot complete a transaction on their favorite retail website, they may simply blame the internet and try again some other time. But if they go into a store and cannot complete a purchase, the experience is much more aggravating. There they are, looking at the merchandise they want, and yet they still can’t buy it.

Threats in a Fragmented World

The bustle of storefront retail adds further challenges. Sales clerks are busy answering questions and providing assistance at the same time that they are processing payments, increasing the chance of small but costly mistakes.

Moreover, brick-and-mortar retailers must guard against cyberthreats such as POS fraud while defending against traditional storefront threats such as shoplifting. Retail clerks now need three pairs of eyes to tend to customers, avoid traditional retail threats and guard against cyberthreats.

As online retailers expand into the storefront, they — like their brick-and-mortar counterparts who are moving online — are discovering the need to securely handle business in what Information Age characterized as “an omnichannel environment.” This includes challenges that have no exact equivalent in pure online retail, where transactions go through a web portal on the front end, while physical fulfillment is handled in a warehouse.

The special demands of protecting brick-and-mortar retail against cyberthreats can be summed up as the challenge of fragmentation. E-commerce can happen anywhere and everywhere, but e-commerce security is centralized. Transactions all pass through a web presence, and their fulfillment is handled from a warehouse. In contrast, every individual storefront provides its own opportunity for cyberthreats to slip past defenses and carry out an attack.

E-commerce Security Gets Complicated

Protecting a customer database against compromise is absolutely crucial for all retailers — large or small, brick-and-mortar or online. But retailers with physical operations need to be aware that those storefronts, for all their advantages, also pose distinct risks that require their own specialized security protections.

Contributor'photo
Rick Robinson is a writer and blogger, with a current 'day job' focus on the tech industry and a particular interest in...